The variety of financial, business and operational risks inherent in the highly competitive global market, as well as the large and continually growing number of cross-industry mandates, governmental regulations and industry-specific regulatory guidelines have significantly impacted how organizations make business-critical decisions. With the rapid advancement in communications and mobile technologies, the “speed of business” is consistently rising.
However, without sufficient visibility into risk and compliance-related issues, any competitive advantage gained from an expedited “time-to-decision” is more than outweighed by the potentially disastrous effect on company image, brand value and, ultimately, revenue associated with noncompliance and sensitive data leaks.
Despite the prevalent role of governance, risk management and compliance (GRC) in multi-regulatory industries like financial services and life sciences, there exists considerable confusion on which solutions to employ, how to internally structure the organization to ensure the solution implemented continually meets the organization’s needs, and GRC’s potential to significantly advance business — rather than just technical — goals.
Based on the findings from the February 2008 GRC report, “GRC Strategic Agenda: The Value Proposition of Governance, Risk and Compliance,” the GRC market, although large and rapidly growing, is still in its infancy.
The technology is in a continual state of evolution and innovation as the market as a whole advances in its knowledge and understanding of the benefits of such initiatives. One of the primary trends developing is the convergence and automation of the historically siloed risk management and compliance units to reduce costs associated with redundant and manual processes while increasing operational efficiencies.
However, the benefits inherent in a comprehensive GRC initiative are dependent on arming top-level executives with sufficient visibility into risk and compliance activities to make informed decisions, yet also providing individual process owners the functionality to “drill down” into the minutia of specific compliance or risk issues and proactively address and manage issue-dependent problems.
Impact on the Organization
To realize the optimal benefits of a comprehensive GRC initiative, organizations are increasingly employing analytics that provide not only these “drill-down” capabilities, but also the ability to rapidly update decision makers on the status of the issue and how it affects the organization’s overall risk or compliance activities.
Aberdeen’s upcoming July 2008 study, “Is Your GRC Strategy Intelligent? Incorporating Analytics to Empower Accurate, Real-Time Visibility and Decision-Making,” will show how Best-in-Class companies are realizing improvements in operational efficiencies, reductions in expenses spent on legal fees and regulatory fines, and significant improvements in the quality and timeliness with which information reaches decision makers, thus enabling quicker and more accurate decisions that can be rapidly incorporated into the organizational structure on an enterprise-wide basis.
Implementing solutions that have the capability to provide easy-to-use, customizable analytics can also significantly increase employee adoption rate. Additionally, incorporating executive “dashboards” can immediately showcase the business value of GRC to corporate budget-holders.
Providing these executives with a high-level, business-driven — rather than tech-intensive — real-time view of the overall company’s compliance and risk posture allows for allows for more accurate, timely business-critical decisions. In fact, Aberdeen’s February report found that surveyed organizations experienced a 15 percent year-over-year increase in the ability to prioritize investments based on defined business objectives and defined levels of risk, and a 13 percent year-over-year increase in speed of decision making.
Improving Decision-Making Quality
At a high level, the potential benefits for organizations considering such an approach are the opportunity to improve operational efficiency and advance the business goals of the organization, specifically:
- improved visibility into risk and compliance issues;
- real-time of near real-time relay of risk and compliance posture for improved speed and accuracy of decisions;
- improved quality and delivery time of decision-critical information;
- automation of risk processes for improved risk management/mitigation efficiency and accuracy; and
- ongoing compliance with regulations.
Anyone interested in evaluating how your experiences in incorporating business intelligence into your GRC strategy compare with those of your peers, benchmark your performance to see how to achieve Best-in-Class results, and receive complimentary access to the full benchmark report as soon as it is published (a US$399 value) can take the 10 minute survey here.
Stephen Walker is a senior associate in the technology markets group at the Aberdeen Group. He can be reached at [email protected].